Gitiles
Code Review Sign In
gerrit.opencord.org / quagga / 0088b5dc55a91d27e572484e61df71b8ca2eddf4^! / . / bgpd / bgpd.c
commit0088b5dc55a91d27e572484e61df71b8ca2eddf4[log] [tgz]
authorStephen Hemminger <shemminger@vyatta.com>Thu May 21 08:51:03 2009 -0700
committerPaul Jakma <paul@quagga.net>Thu Jun 18 20:18:28 2009 +0100
treef93714f98d12890f961794cd026b6bf2de75105e
parentdde7258666fd73878b4cc10b4b5b7c07e9be049e [diff] [blame]
[bgpd] reference count the BGP instance

When a BGP instance is deleted with lots of routes and neighbors
it is possible for the peer rsclient queue to run after
bgp_delete has been called. This would lead to bgpd crashing,
see https://bugzilla.vyatta.com/show_bug.cgi?id=3436

The fix is to add reference counting to the BGP instance and defer
actual freeing until all references are gone.

This patch also fixes a memory leak where the self-reference
peer instance was being created but never freed.

The check in bgp_clear_route is no longer valid because it is possible
for it to be called when peer is in Deleted state during cleanup.

diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
index 3adede8..1fefbd3 100644
--- a/bgpd/bgpd.c
+++ b/bgpd/bgpd.c

@@ -688,7 +688,9 @@
 peer_free (struct peer *peer)
 {
   assert (peer->status == Deleted);
-  
+
+  bgp_unlock(peer->bgp);
+
   /* this /ought/ to have been done already through bgp_stop earlier,
    * but just to be sure.. 
    */
@@ -791,6 +793,7 @@
   peer->password = NULL;
   peer->bgp = bgp;
   peer = peer_lock (peer); /* initial reference */
+  bgp_lock (bgp);
 
   /* Set default flags.  */
   for (afi = AFI_IP; afi < AFI_MAX; afi++)
@@ -1909,6 +1912,7 @@
   if ( (bgp = XCALLOC (MTYPE_BGP, sizeof (struct bgp))) == NULL)
     return NULL;
   
+  bgp_lock (bgp);
   bgp->peer_self = peer_new (bgp);
   bgp->peer_self->host = strdup ("Static announcement");
 
@@ -2045,7 +2049,6 @@
   struct listnode *node;
   struct listnode *next;
   afi_t afi;
-  safi_t safi;
   int i;
 
   /* Delete static route. */
@@ -2059,14 +2062,46 @@
 
   for (ALL_LIST_ELEMENTS (bgp->group, node, next, group))
     peer_group_delete (group);
-  list_delete (bgp->group);
 
   for (ALL_LIST_ELEMENTS (bgp->peer, node, next, peer))
     peer_delete (peer);
-  list_delete (bgp->peer);
 
   for (ALL_LIST_ELEMENTS (bgp->rsclient, node, next, peer))
     peer_delete (peer);
+
+  if (bgp->peer_self) {
+    peer_delete(bgp->peer_self);
+    bgp->peer_self = NULL;
+  }
+
+  bgp_unlock(bgp);  /* initial reference */
+
+  return 0;
+}
+
+static void bgp_free (struct bgp *);
+
+void
+bgp_lock (struct bgp *bgp)
+{
+  ++bgp->lock;
+}
+
+void
+bgp_unlock(struct bgp *bgp)
+{
+  if (--bgp->lock == 0)
+    bgp_free (bgp);
+}
+
+static void
+bgp_free (struct bgp *bgp)
+{
+  afi_t afi;
+  safi_t safi;
+
+  list_delete (bgp->group);
+  list_delete (bgp->peer);
   list_delete (bgp->rsclient);
 
   listnode_delete (bm->bgp, bgp);
@@ -2085,8 +2120,6 @@
 	  XFREE (MTYPE_ROUTE_TABLE,bgp->rib[afi][safi]);
       }
   XFREE (MTYPE_BGP, bgp);
-
-  return 0;
 }
 
 struct peer *